* All machines: Pointer guard testing update (Bug 15754, CVE-2013-4788).
From: Carlos O'Donell @ 2013-09-26 14:52 UTC (permalink / raw)
To: libc-ports
All machines,

The fix for CVE-2013-4788 (bug 15754) contains a regression
test to ensure that the pointer guard is both random and
changes between processes.

In order to create the test it was necessary to add a new
accessor macro POINTER_CHK_GUARD to allow the regression
test to locate and read the pointer guard value from outside
of the library.

I have added a POINTER_CHK_GUARD implementation for *all*
machines. You need not do any work at this point. However,
for some machines I wrote the implementation without testing
it e.g. stack guard was just before pointer guard so
POINTER_CHK_GUARD is the same code with a different offset.

My request is that you run the testsuite and verify that
tst-ptrguard1 and tst-ptrguard1-static pass. If they don't
pass please email me and we can work out what might be
wrong with your POINTER_CHK_GUARD implementation.

Cheers,
Carlos.
^ permalink raw reply [flat|nested] 6+ messages in thread
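
Added example (not part of the original thread, and not the source of glibc's tst-ptrguard1): a C model of the two properties the message above says the regression test ensures, together with why a default (zero) guard gives no protection. The mangling scheme, ROT, the function names, the one-collision tolerance and the sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified mangling for illustration: XOR with the guard, then rotate.
   ROT is an assumption; the real PTR_MANGLE is defined per architecture. */
#define ROT 17
#define BITS (sizeof (uintptr_t) * 8)

uintptr_t ptr_mangle(uintptr_t p, uintptr_t guard) {
    uintptr_t v = p ^ guard;
    return (v << ROT) | (v >> (BITS - ROT));
}

uintptr_t ptr_demangle(uintptr_t m, uintptr_t guard) {
    return ((m >> ROT) | (m << (BITS - ROT))) ^ guard;
}

/* 1 if a pointer mangled under `guard` decodes correctly with no guard. */
int decodes_without_secret(uintptr_t p, uintptr_t guard) {
    return ptr_demangle(ptr_mangle(p, guard), 0) == p;
}

enum guard_result { GUARD_OK, GUARD_IS_DEFAULT, GUARD_NOT_CHANGING };

/* Hypothetical check: the parent's guard must not be the default, and at
   most one child (a tolerated chance collision) may report the default
   value or the parent's value. */
enum guard_result check_guards(uintptr_t parent, const uintptr_t *child,
                               size_t n, uintptr_t default_guard) {
    size_t same = 0, defaults = 0;
    for (size_t i = 0; i < n; i++) {
        same += (child[i] == parent);
        defaults += (child[i] == default_guard);
    }
    if (parent == default_guard || defaults > 1)
        return GUARD_IS_DEFAULT;
    return same > 1 ? GUARD_NOT_CHANGING : GUARD_OK;
}

int main(void) {
    /* Constructed sample values, not read from real processes. */
    const uintptr_t kids[] = { 0x5a17c3e9u, 0x0be4d162u, 0xc83f907bu };
    const uintptr_t zero[] = { 0, 0, 0 };
    printf("randomized guards: %d\n", check_guards(0x91d2a6f4u, kids, 3, 0));
    printf("zero guards:       %d\n", check_guards(0, zero, 3, 0));
    printf("zero guard decodes freely: %d\n", decodes_without_secret(0x1234, 0));
    return 0;
}
```
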
* Re: All machines: Pointer guard testing update (Bug 15754, CVE-2013-4788).
From: Will Newton @ 2013-09-26 15:39 UTC (permalink / raw)
To: Carlos O'Donell; +Cc: libc-ports
On 26 September 2013 15:52, Carlos O'Donell <carlos@redhat.com> wrote:

Hi Carlos,

> The fix for CVE-2013-4788 (bug 15754) contains a regression
> test to ensure that the pointer guard is both random and
> changes between processes.
>
> In order to create the test it was necessary to add a new
> accessor macro POINTER_CHK_GUARD to allow the regression
> test to locate and read the pointer guard value from outside
> of the library.
>
> I have added a POINTER_CHK_GUARD implementation for *all*
> machines. You need not do any work at this point. However,
> for some machines I wrote the implementation without testing
> it e.g. stack guard was just before pointer guard so
> POINTER_CHK_GUARD is the same code with a different offset.
>
> My request is that you run the testsuite and verify that
> tst-ptrguard1 and tst-ptrguard1-static pass. If they don't
> pass please email me and we can work out what might be
> wrong with your POINTER_CHK_GUARD implementation.

I noticed that alpha does something strange in this regard.

ports/sysdeps/unix/alpha/sysdep.h:

/* There exists generic C code that assumes that PTR_MANGLE is always
defined. When generating code for the static libc, we don't have
__pointer_chk_guard defined. Nor is there any place that would
initialize it if it were defined, so there's little point in doing
anything more than nothing. */
# ifndef __ASSEMBLER__
# define PTR_MANGLE(var)
# define PTR_DEMANGLE(var)
# endif

This looks like in the static case alpha will not benefit from the new
fix. I don't have an alpha toolchain or any particular knowledge of
alpha to verify that though.

--
Will Newton
Toolchain Working Group, Linaro
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: All machines: Pointer guard testing update (Bug 15754, CVE-2013-4788).
From: Richard Henderson @ 2013-09-26 16:26 UTC (permalink / raw)
To: Will Newton; +Cc: Carlos O'Donell, libc-ports
On 09/26/2013 08:39 AM, Will Newton wrote:
> On 26 September 2013 15:52, Carlos O'Donell <carlos@redhat.com> wrote:
>
> Hi Carlos,
>
>> The fix for CVE-2013-4788 (bug 15754) contains a regression
>> test to ensure that the pointer guard is both random and
>> changes between processes.
>>
>> In order to create the test it was necessary to add a new
>> accessor macro POINTER_CHK_GUARD to allow the regression
>> test to locate and read the pointer guard value from outside
>> of the library.
>>
>> I have added a POINTER_CHK_GUARD implementation for *all*
>> machines. You need not do any work at this point. However,
>> for some machines I wrote the implementation without testing
>> it e.g. stack guard was just before pointer guard so
>> POINTER_CHK_GUARD is the same code with a different offset.
>>
>> My request is that you run the testsuite and verify that
>> tst-ptrguard1 and tst-ptrguard1-static pass. If they don't
>> pass please email me and we can work out what might be
>> wrong with your POINTER_CHK_GUARD implementation.
>
> I noticed that alpha does something strange in this regard.
>
> ports/sysdeps/unix/alpha/sysdep.h:
>
> /* There exists generic C code that assumes that PTR_MANGLE is always
> defined. When generating code for the static libc, we don't have
> __pointer_chk_guard defined. Nor is there any place that would
> initialize it if it were defined, so there's little point in doing
> anything more than nothing. */
> # ifndef __ASSEMBLER__
> # define PTR_MANGLE(var)
> # define PTR_DEMANGLE(var)
> # endif
>
> This looks like in the static case alpha will not benefit from the new
> fix. I don't have an alpha toolchain or any particular knowledge of
> alpha to verify that though.
>

It looks like Carlos will have just allowed that to be fixed in his patch,
since __pointer_chk_guard_local is now defined if THREAD_SET_POINTER_GUARD isn't.

r~
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: All machines: Pointer guard testing update (Bug 15754, CVE-2013-4788).
From: Kaz Kojima @ 2013-09-27 1:06 UTC (permalink / raw)
To: carlos; +Cc: libc-ports, thomas
Hi,

"Carlos O'Donell" <carlos@redhat.com> wrote:
> My request is that you run the testsuite and verify that
> tst-ptrguard1 and tst-ptrguard1-static pass. If they don't
> pass please email me and we can work out what might be
> wrong with your POINTER_CHK_GUARD implementation.

New ptrguard tests fail on SH because the target uses generic
stackguard-macros.h but defines THREAD_SET_POINTER_GUARD.
The attached patch works for me.

Regards,
kaz
--
* sysdeps/sh/stackguard-macros.h: New file.

diff --git a/sysdeps/sh/stackguard-macros.h b/sysdeps/sh/stackguard-macros.h
new file mode 100644
index 0000000..55a5771
--- /dev/null
+++ b/sysdeps/sh/stackguard-macros.h
@@ -0,0 +1,6 @@
+#include <stdint.h>
+
+extern uintptr_t __stack_chk_guard;
+#define STACK_CHK_GUARD __stack_chk_guard
+
+#define POINTER_CHK_GUARD THREAD_GET_POINTER_GUARD()
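
Review bot: The last added line, #define POINTER_CHK_GUARD THREAD_GET_POINTER_GUARD(), depends on a macro that this header neither defines nor includes. The only include is <stdint.h>, so the file compiles only when whatever includes it has already pulled in the definition of THREAD_GET_POINTER_GUARD. Consider including the header that provides it here, or adding a comment that states the requirement.
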
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: All machines: Pointer guard testing update (Bug 15754, CVE-2013-4788).
From: Carlos O'Donell @ 2013-09-27 1:43 UTC (permalink / raw)
To: Kaz Kojima; +Cc: libc-ports, thomas
On 09/26/2013 09:06 PM, Kaz Kojima wrote:
> Hi,
>
> "Carlos O'Donell" <carlos@redhat.com> wrote:
>> My request is that you run the testsuite and verify that
>> tst-ptrguard1 and tst-ptrguard1-static pass. If they don't
>> pass please email me and we can work out what might be
>> wrong with your POINTER_CHK_GUARD implementation.
>
> New ptrguard tests fail on SH because the target uses generic
> stackguard-macros.h but defines THREAD_SET_POINTER_GUARD.
> The attached patch works for me.
>
> Regards,
> kaz
> --
> * sysdeps/sh/stackguard-macros.h: New file.
>
> diff --git a/sysdeps/sh/stackguard-macros.h b/sysdeps/sh/stackguard-macros.h
> new file mode 100644
> index 0000000..55a5771
> --- /dev/null
> +++ b/sysdeps/sh/stackguard-macros.h
> @@ -0,0 +1,6 @@
> +#include <stdint.h>
> +
> +extern uintptr_t __stack_chk_guard;
> +#define STACK_CHK_GUARD __stack_chk_guard
> +
> +#define POINTER_CHK_GUARD THREAD_GET_POINTER_GUARD()
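
Review bot: The new file has no leading comment before #include <stdint.h>, so nothing in it records why SH overrides the generic stackguard-macros.h. A short header comment saying that SH defines THREAD_SET_POINTER_GUARD, and therefore has to read the pointer guard through THREAD_GET_POINTER_GUARD(), would keep the reason given in this mail next to the code.
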
>

Kaz,

That looks good to me. I will admit that's not a
combination I thought about. Thanks for fixing it.

Cheers,
Carlos.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: All machines: Pointer guard testing update (Bug 15754, CVE-2013-4788).
From: Kaz Kojima @ 2013-09-27 2:15 UTC (permalink / raw)
To: carlos; +Cc: libc-ports, thomas
"Carlos O'Donell" <carlos@redhat.com> wrote:
> That looks good to me. I will admit that's not a
> combination I thought about. Thanks for fixing it.

Thanks for your comment. I've committed it with the ChangeLog
entry below.

Regards,
kaz
--
2013-09-27 Kaz Kojima <kkojima@rr.iij4u.or.jp>

* sysdeps/sh/stackguard-macros.h: New file.
^ permalink raw reply [flat|nested] 6+ messages in thread